Bugtraq mailing list archives
Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"
From: Tim Newsham <newsham () lava net>
Date: Wed, 6 Feb 2008 07:48:10 -1000 (HST)
> Interestingly enough, OpenBSD uses a flavor of this PRNG for another field, this time the IP fragmentation ID, part of the OpenBSD kernel network stack. The analysis carries out quite similarly to show that OpenBSD's IP ID is predictable as well, which gives way to O/S fingerprinting, idle-scanning, host alias detection, traffic analysis, and in some cases, even to TCP blind data injection.

Can you expound upon the blind TCP injection allowed by IP ID prediction?

> Amit Klein CTO Trusteer
Tim Newsham http://www.thenewsh.com/~newsham/